VeriSign draws fire over Site Finder service

Experts say it will spur surge of spam

By Hiawatha Bray, Globe Staff, 9/18/2003

VeriSign Inc., which oversees the popular ".com" Internet domain, has ignited a digital firestorm with its new method for dealing with mistyped Internet addresses. Experts say it will lead to a surge in spam, or unwanted e-mail, and that VeriSign has no right to impose the system on millions of Internet users.

VeriSign insists the new service, Site Finder, will help casual Web surfers who've gone astray.

VeriSign launched Site Finder on Monday. Previously, when an Internet user mistyped an Internet address that ended in .com, the browser would usually display an error message, indicating there was no such address. Some browsers have been programmed to respond by taking the user to an Internet search service run by Microsoft Corp., which makes most of the world's Web browsing software. Other Internet companies, such as Google and America Online, let users install software that will cause the browser to go to their search services when an incorrect address is entered.

But VeriSign is using its control over the .com domain to route wrongly typed inquiries to a VeriSign search site. VeriSign won't reveal the name of the search engine company it uses, but VeriSign receives revenue from the company for sending it traffic.

VeriSign began work on the system a year ago, spokesman Tom Galvin said. "We began to think of a service that would help improve Web navigation," he said. Galvin said VeriSign informed a major Internet regulatory body, the Internet Corporation for Assigned Names and Numbers (ICANN), of the Site Finder plan. He said ICANN president Paul Twomey raised no objections.

An ICANN spokeswoman said she could neither confirm nor deny this.

There have been plenty of objections from others, though.

"It's harmful because it broke a lot of things," said David Farber, professor of telecommunications systems at the University of Pennsylvania and former chief technologist for the Federal Communications Commission.

Farber said that many spam filters used by Internet service providers, or ISPs, won't work properly under the new system. That's because spammers commonly send out junk mail using nonexistent Internet domains. Under the old system, an ISP's spam filter could check on whether a domain existed. If it didn't, the filter would receive an error message, and the filter would discard the mail as spam. With Site Finder, the spam filter will always be told that the domain exists, causing it to let the spam through.
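The sender-domain check Farber describes can be modeled with a toy resolver. The sketch below is an added example, not code from the article or from any ISP's filter. The zone data, the addresses (documentation ranges) and the function names are all constructed, and the probe-based check is one possible filter-side workaround rather than the Internet Software Consortium's modification.

```python
import secrets

# Constructed zone data: the only registered .com name in this toy registry.
REGISTERED = {"example.com": "198.51.100.7"}
WILDCARD_ADDR = "192.0.2.1"  # placeholder for the registry's catch-all address

def make_resolver(wildcard):
    """Return a lookup function; None models the 'no such domain' error."""
    def resolve(domain):
        if domain in REGISTERED:
            return REGISTERED[domain]
        return WILDCARD_ADDR if wildcard else None
    return resolve

def naive_sender_exists(resolve, domain):
    """The check described above: any answer means the domain exists."""
    return resolve(domain) is not None

def wildcard_addresses(resolve, tld, probes=3):
    """Look up random labels that are almost certainly unregistered; any
    address they return is a catch-all answer, not a real host."""
    found = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        if answer is not None:
            found.add(answer)
    return found

def aware_sender_exists(resolve, domain):
    """Treat an answer equal to the TLD's catch-all address as nonexistent."""
    answer = resolve(domain)
    if answer is None:
        return False
    tld = domain.rsplit(".", 1)[-1]
    return answer not in wildcard_addresses(resolve, tld)

def classify(resolve, senders, check):
    """Map each sender address to 'accept' or 'reject' using the given check."""
    return {s: "accept" if check(resolve, s.split("@")[1]) else "reject"
            for s in senders}

SENDERS = ["alice@example.com", "offers@no-such-domain-zz.com"]  # constructed

if __name__ == "__main__":
    for label, wc in (("before wildcard", False), ("with wildcard", True)):
        r = make_resolver(wc)
        print(label, "naive:", classify(r, SENDERS, naive_sender_exists))
        print(label, "aware:", classify(r, SENDERS, aware_sender_exists))
```
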

"You can actually make a mail connection to nonexistent domains now," said Lauren Weinstein, cofounder of People for Internet Responsibility. "This is the kiss of death for ISPs."

The Internet Software Consortium, a nonprofit group that makes the most commonly used domain-routing software, has introduced a modification that will bypass the new VeriSign service, causing mistyped .com addresses to generate the old error messages.

Galvin said VeriSign has received complaints from ISPs that Site Finder caused an increase in spam. "We're working with the user community to address that," he said.

But critics say VeriSign should have worked more closely with users from the beginning. They point out that it was the US government that assigned the company control of .com, by far the most popular Internet domain. This, they say, imposes a special responsibility on VeriSign.

"My personal feeling is, they violated the trust," Farber said.

Former software entrepreneur and Internet security expert Richard Smith, of Brookline, said VeriSign should not make major changes without consulting Internet oversight groups.

"They can't act unilaterally on this," he said. "There are too many constituents who have a stake in this working right."